Fixing Gutenberg error “The editor has encountered an unexpected error”

After update to WP 5, I’ve faced with next issue, I’ve couldn’t add new post or edit existed. Looks like error happens because of misconfigured nginx and when new ‘Gutenberg’ editor is active (which is true by default for wordpress 5.0 and above).

Earlier I had nginx location / configured in next manner:

location / {
    try_files $uri $uri/ /index.php?$args;
}

Same configuration can be found on wordpress codex page:

And on nginx recipe page:

The issue caused by question sign in try_files directive, when $args is empty, index.php is called like this: “/index.php?”. Solution is simple:

$is_args
    “?” if a request line has arguments, or an empty string otherwise

After I changed location / block like this:

location / {
    try_files $uri $uri/ /index.php$is_args$args;
}

The problem is gone.

Password protected access to “/wp-admin” on nginx

Here i found advice how to make wordpress more securely, idea is to protect access to “/wp-admin” by http auth, but “/wp-admin/admin-ajax.php” must stay available for everyone, same is true for some .css files.
I spend some time to research solution, it was a bit complicated:

location /wp-admin {
	location ~ /wp-admin/admin-ajax.php$ {
		# Php handler
	}
	location ~* /wp-admin/.*\.php$ {
		auth_basic            "You shall not pass!";
		auth_basic_user_file  $document_root/.htpasswd;
		# Php handler
	}
}

It is possible to add additional location to serve static content, but i am too lazy to do it.

PS
Also here i found receipts for apache and lighttpd if anybody interesting. Continue reading

Forbid access to php into “wp-content”.

I expected in few articles an advice to disable direct access to php scripts into “/wp-content/uploads” i done small research and observed, than .php placed into “/wp-content” and into subdirs was newer directly accessed thru web. So i just completely disabled direct access to php scripts placed into that dir and subdirs. Looks more securely.

PS
I made mistake. At least tiny-mce php scripts must be accessible thru web. So i just convert  this rules that touch ‘/wp-include’ for nginx:

location ~* /wp-includes {
	location ~* /wp-includes/[^/]+\.php$ {
		deny all;
	}
	location ~* /wp-includes/js/tinymce/langs/.+\.php$ {
		deny all;
	}
	location ~* /wp-includes/theme-compat {
		deny all;
	}
	location ~ /wp-includes/.+\.php$ {
		include php_wordpress_handler;
	}
}